Skip to content

Commit 0a86a5f

Browse files
cmurphycmurphy
committed
Now remove old security policies
The references are updated, these policies are no longer in use and can be deleted.
1 parent fe34e65 commit 0a86a5f

File tree

1 file changed

+0
-87
lines changed

1 file changed

+0
-87
lines changed

gcp/modules/tiles_tlog/network.tf

Lines changed: 0 additions & 87 deletions
Original file line numberDiff line numberDiff line change
@@ -115,73 +115,6 @@ data "google_compute_network_endpoint_group" "k8s_grpc_neg" {
115115
zone = each.key
116116
}
117117

118-
// TODO: delete this resource
119-
resource "google_compute_security_policy" "k8s_http_grpc_security_policy" {
120-
count = var.freeze_shard ? 0 : 1
121-
name = "${var.shard_name}-k8s-http-grpc-security-policy"
122-
project = var.project_id
123-
type = "CLOUD_ARMOR"
124-
125-
rule {
126-
action = "deny(502)"
127-
priority = "1"
128-
129-
match {
130-
expr {
131-
expression = "int(request.headers['content-length']) > 8388608"
132-
}
133-
}
134-
description = "Block all incoming write requests > 8MB"
135-
}
136-
137-
rule {
138-
action = "throttle"
139-
priority = "10"
140-
match {
141-
versioned_expr = "SRC_IPS_V1"
142-
config {
143-
src_ip_ranges = ["*"]
144-
}
145-
}
146-
rate_limit_options {
147-
enforce_on_key = "IP"
148-
conform_action = "allow"
149-
exceed_action = "deny(429)"
150-
rate_limit_threshold {
151-
count = var.http_grpc_qpm_rate_limit
152-
interval_sec = "60"
153-
}
154-
}
155-
description = "Rate limit all HTTP write traffic by client IP"
156-
}
157-
158-
rule {
159-
action = "allow"
160-
priority = "2147483647"
161-
match {
162-
versioned_expr = "SRC_IPS_V1"
163-
config {
164-
src_ip_ranges = ["*"]
165-
}
166-
}
167-
description = "default rule"
168-
}
169-
170-
advanced_options_config {
171-
json_parsing = "STANDARD"
172-
json_custom_config {
173-
content_types = ["application/json"]
174-
}
175-
}
176-
177-
adaptive_protection_config {
178-
layer_7_ddos_defense_config {
179-
enable = var.enable_adaptive_protection
180-
}
181-
}
182-
}
183-
184-
185118
resource "google_compute_security_policy" "k8s_http_grpc_security_policy_renamed" {
186119
count = var.freeze_shard ? 0 : 1
187120
name = "${var.shard_name}-${var.dns_subdomain_name}-k8s-http-grpc-security-policy"
@@ -311,26 +244,6 @@ resource "google_compute_backend_service" "k8s_grpc_backend_service" {
311244
}
312245
}
313246

314-
// TODO: delete this resource
315-
resource "google_compute_security_policy" "bucket_security_policy" {
316-
name = "${var.shard_name}-bucket-security-policy"
317-
project = var.project_id
318-
type = "CLOUD_ARMOR_EDGE"
319-
320-
rule {
321-
action = "allow"
322-
priority = "2147483647"
323-
match {
324-
versioned_expr = "SRC_IPS_V1"
325-
config {
326-
src_ip_ranges = ["*"]
327-
}
328-
}
329-
description = "default rule"
330-
}
331-
}
332-
333-
334247
resource "google_compute_backend_bucket" "tessera_backend_bucket" {
335248
name = "${var.shard_name}-${var.bucket_name_suffix}"
336249
project = var.project_id

0 commit comments

Comments
 (0)